Get started

1. Check out the documentation

To get a basic feel for the services offered by the SBAB Bank-API, it is a good idea to read through our documentation. It will give you an overview of all the endpoints available and detailed information about these. Start by reading through the section "Introduction".

The documentation describes how to integrate with SBAB using our API. Only registered clients can access the API. To obtain information on how to register for access, contact us using the contact information at the top of this documentation.

SBABs bank-api is divided into five sections:

Authorization - Used for both end users and system users to retrieve access token.

AIS - Account Information Service (PSD2)

PIS - Payment Initiation Service (PSD2)

Enterprise - The rest of SBAB Bank-API:s. It has functionality to fetch loan information och apply for new mortgage loans.

Open - The service SBAB provide that requires no authorization

The API is based on HTTP and JSON. If the call is successful, an HTTP status code of 200 or 202 is returned. In that case the response objects listed in this documentation should be expected in the response body. However, the response objects may contain more fields than the ones listed in this documentation. Fields not documented should be ignored.

The version of the API is indicated in the path. Newer versions may deprecate this version. If that happens, registered clients will be updated with information about the new version and a time plan for when the old version will be deprecated.

2. Create a sandbox account

Once you've got a basic feel for the SBAB Bank-API, it's time to test the API. But before get started, you must create an authorization key (aka bearer token) for the sandbox environment.
This bearer token must be used in all sandbox requests. As an alternative use a valid PSD2 client certificate, see next section.

3. Explore the API

There are three ways to test the sandbox APIs.

The first alternative is to register in the develop-portal and receive a Bearer Token by email in the format 'Bearer 12345-12345-12345-12345'. You need to click on the verification link sent to you in the onboarding mail. This will activate the token. Then use this in a HTTP HEADER named 'Authorization'. Key: Authorization, Value Bearer 12345-12345-12345-12345. All data is then available.

The second alternative is to use a valid test or production PSD2 certificate. As opposed to the production environment, no mutual TLS handshake will occur in the sandbox. All data based on the scope (AIS and/or PIS) in the certificate is then available.

The third alternative is to simply call the SBAB-open endpoints where no authorization is required.

Please note that the sandbox environment is exclusively based on mocked data with no or limited capability to save your results.